
Retailers Leave Consumers Vulnerable to Cyberattacks Ahead of Black Friday
As Black Friday approaches, marking the start of the holiday shopping season, Proofpoint Inc., a leading cybersecurity and compliance company, has unveiled research showing that two out of five top U.S. retailers are failing to adequately protect consumers from email fraud and cybercrime.
Email Fraud and DMARC Adoption
Proofpoint’s analysis of Domain-based Message Authentication, Reporting, and Conformance (DMARC) adoption among the top 50 U.S. retailers highlights significant gaps in email security. DMARC is an email protocol designed to authenticate sender identities and prevent cybercriminals from spoofing domain names. The protocol features three levels of protection: monitor, quarantine, and reject—the last of which blocks fraudulent emails entirely.
Key Findings:
- 60% of retailers have adopted the highest “reject” policy to block suspicious emails, a 12% increase from 2023.
- 40% of retailers are not actively preventing fraudulent emails from reaching consumer inboxes.
- 10% have no DMARC records in place at all.
- 18% are using a “monitor” policy, which leaves fraudulent emails able to reach inboxes, while 12% use a “quarantine” policy to divert suspicious messages to spam folders.
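The levels counted above map onto the p= tag of the TXT record a domain publishes at _dmarc.<domain> (RFC 7489 names them none, quarantine and reject; "monitor" is p=none). The sketch below is an added example, not Proofpoint's methodology or tooling: it classifies TXT strings that have already been fetched, and the domains, records, and the "invalid" and "(partial)" labels are constructed for illustration.

```python
from collections import Counter

LEVELS = {"none": "monitor", "quarantine": "quarantine", "reject": "reject"}

def parse_dmarc(txt):
    """Return the record's tags as a dict, or None if it is not a DMARC record."""
    parts = [p.strip() for p in txt.split(";") if p.strip()]
    pairs = [p.partition("=") for p in parts]
    # RFC 7489: the first tag must be v=DMARC1, otherwise the string is ignored.
    if not pairs or pairs[0][0].strip().lower() != "v" or pairs[0][2].strip() != "DMARC1":
        return None
    return {k.strip().lower(): v.strip() for k, _, v in pairs}

def classify(txt_records):
    """Map the TXT strings found at _dmarc.<domain> to a protection level."""
    records = [r for r in map(parse_dmarc, txt_records) if r is not None]
    if not records:
        return "no record"
    if len(records) > 1:
        return "invalid"  # more than one DMARC record: receivers apply no policy
    level = LEVELS.get(records[0].get("p", "").lower())
    if level is None:
        return "invalid"  # missing or unknown p= tag
    pct = records[0].get("pct", "100")
    if level != "monitor" and pct.isdigit() and int(pct) < 100:
        return level + " (partial)"  # policy applies to only pct% of failing mail
    return level

SAMPLES = {  # constructed records for hypothetical domains
    "shop-a.example": ["v=DMARC1; p=reject; rua=mailto:dmarc@shop-a.example"],
    "shop-b.example": ["v=DMARC1; p=quarantine; pct=25"],
    "shop-c.example": ["v=DMARC1; p=none; rua=mailto:dmarc@shop-c.example"],
    "shop-d.example": ["some-verification-token=abc123"],  # TXT string, not DMARC
    "shop-e.example": ["v=DMARC1; p=reject", "v=DMARC1; p=none"],
    "shop-f.example": [],
}

def tally(samples):
    """Count how many domains fall into each protection level."""
    return Counter(classify(records) for records in samples.values())

if __name__ == "__main__":
    for domain, records in SAMPLES.items():
        print(f"{domain:16} {classify(records)}")
    print(dict(tally(SAMPLES)))
```

A domain that shows up as "reject (partial)" or "invalid" would look protected in a simple p= count while receivers still deliver some or all spoofed mail, so a check like this should read pct= and the record count as well.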
A Growing Threat Amid Holiday Shopping
The National Retail Federation (NRF) predicts that Americans will spend between $979.5 billion and $989 billion this holiday season, with online shopping driving much of the growth. However, the surge in email communications during this period also provides cybercriminals with ample opportunities to launch phishing attacks, steal personal information, and commit identity fraud.
“Email remains the preferred tool for cybercriminals, and the retail sector is a key target,” said Robert Holmes, Group VP at Proofpoint. “While it’s promising to see more retailers implementing strong email fraud protections, there’s still significant work to be done, especially as consumers rush to snag seasonal deals.”
Consumer Safety Recommendations
Proofpoint advises shoppers to adopt these practices to safeguard against cyber threats:
- Secure Your Passwords: Use unique passwords for each account, leverage a password manager, and enable multi-factor authentication.
- Watch for Fake Websites: Avoid visiting imitation sites that mimic popular brands to steal data or sell counterfeit goods.
- Be Alert to Phishing: Stay cautious of phishing emails, SMS messages (smishing), and suspicious links aiming to capture sensitive information.
- Avoid Clicking Links: Instead of clicking email links, manually type trusted website URLs into your browser.
- Verify Offers: Before purchasing, check for online reviews or complaints to validate the authenticity of deals or websites.
Positive Trends in Email Security
Google’s updated email authentication rules have reduced the volume of unauthenticated messages by 265 billion in 2024, showcasing the potential impact of robust email security measures.
For more information on DMARC and email fraud protection, visit Proofpoint’s website.
About Proofpoint
Proofpoint, Inc. is a global leader in cybersecurity and compliance, specializing in protecting organizations’ most valuable assets—their people. Trusted by 85% of the Fortune 100, Proofpoint offers people-centric security solutions to combat email fraud, phishing, and data breaches across email, cloud, and social platforms. Visit Proofpoint.com to learn more.